edin.dizdarevic at ...7509...
Thu Apr 1 01:05:02 EST 2004
Hi Snort Man!
First of all, read the old postings about this, since there are many.
(This had to be said, sorry...)
You have provided far too little information:
- Your OS
- Your configuration vars
- Your command line
- Your network environment
This could be a combination of two configuration errors you possibly may
1. You have defined your HOME_NET and EXTERNAL_NET to "any"
2. You're running snort with "-i any" (on Linux)
Connecting to your local webserver may under these circumstances trigger
those alerts. Check that. Also remember: both things tend to be
bad workarounds; try to avoid them.
You're getting some spoofed packets from the "outside". Check your
packet filters and keep an eye on it. Nothing unusual nowadays.
For the loopback stuff check R.W. Stevens.
Snort Man wrote:
> Dear All, I am new to this snort thing. I installed snort and 70% of
> the traffic is as follows.. loopback address port 80 is sending
> requests to internal and external addresses. Can anybody please
> explain what is this ??
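
Added example, not part of the original post: a small Python check for the two settings named in the reply (HOME_NET and EXTERNAL_NET set to "any", and capture with "-i any"). The snort.conf excerpt, the command line and all function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample inputs (not taken from the original post).
SAMPLE_CONF = """\
# snort.conf excerpt (constructed)
var HOME_NET any
var EXTERNAL_NET any   # matches every address, including loopback
var HTTP_SERVERS $HOME_NET
"""
SAMPLE_CMDLINE = "snort -i any -c /etc/snort/snort.conf -D"

# Matches "var NAME value" and "ipvar NAME value" lines.
VAR_RE = re.compile(r"^\s*(?:ip)?var\s+(\S+)\s+(\S+)", re.IGNORECASE)

def parse_vars(conf_text):
    """Return {NAME: value} for var/ipvar lines, ignoring comments."""
    found = {}
    for line in conf_text.splitlines():
        match = VAR_RE.match(line.split("#", 1)[0])
        if match:
            found[match.group(1)] = match.group(2)
    return found

def capture_interface(cmdline):
    """Return the argument given to -i, or None if there is none."""
    args = shlex.split(cmdline)
    for pos, arg in enumerate(args):
        if arg == "-i" and pos + 1 < len(args):
            return args[pos + 1]
    return None

def check(conf_text, cmdline):
    """List which of the settings named in the reply are present."""
    variables = parse_vars(conf_text)
    findings = [f"{name} is 'any'" for name in ("HOME_NET", "EXTERNAL_NET")
                if variables.get(name, "").lower() == "any"]
    if capture_interface(cmdline) == "any":
        findings.append("capturing with -i any")
    return findings

def loopback_alerts_likely(conf_text, cmdline):
    """True only when both settings from the reply are combined."""
    return len(check(conf_text, cmdline)) == 3

if __name__ == "__main__":
    for finding in check(SAMPLE_CONF, SAMPLE_CMDLINE):
        print("WARN:", finding)
```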